Overview

overview

10

Static

static

3

756d2a0090...8N.exe

windows7-x64

10

756d2a0090...8N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    756d2a0090841a10f8db4f883e481797dece95390dd1ac79390203be3f54a218N.exe

  • Size

    89KB

  • Sample

    241123-xyldsayjbm

  • MD5

    c5e4412f66eb9cc2eaee71ec3df836f0

  • SHA1

    5a0972bbdf0a2533f40ae6aaea1591f6bb3dfcda

  • SHA256

    756d2a0090841a10f8db4f883e481797dece95390dd1ac79390203be3f54a218

  • SHA512

    a58ca2cbb3ca44312d5e65a6c31932e7b14bf433d03f315773a5767b0e2e53be5a1b06d9a9c9c615778d0df3c27a1440be9c0c169fce7ced3250cb332e64dafb

  • SSDEEP

    1536:yUMAOg3ULbY2snHfnx3YzT3Omzw9ffVoQz/wtFd9+xQu:yUMAOhLbY2K/nx3YzRzgHVoS4B9+2u

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      756d2a0090841a10f8db4f883e481797dece95390dd1ac79390203be3f54a218N.exe

    • Size

      89KB

    • MD5

      c5e4412f66eb9cc2eaee71ec3df836f0

    • SHA1

      5a0972bbdf0a2533f40ae6aaea1591f6bb3dfcda

    • SHA256

      756d2a0090841a10f8db4f883e481797dece95390dd1ac79390203be3f54a218

    • SHA512

      a58ca2cbb3ca44312d5e65a6c31932e7b14bf433d03f315773a5767b0e2e53be5a1b06d9a9c9c615778d0df3c27a1440be9c0c169fce7ced3250cb332e64dafb

    • SSDEEP

      1536:yUMAOg3ULbY2snHfnx3YzT3Omzw9ffVoQz/wtFd9+xQu:yUMAOhLbY2K/nx3YzRzgHVoS4B9+2u

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks